[BlueOnyx:23044] Re: CushyCMS and ProFTPD

Ken Hohhof khohhof at kwom.com
Tue Jul 30 12:39:37 -05 2019 

Thanks, I'll try that.  I was reluctant to disable the ban feature if it had
been enabled all these years.


-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael
Stauber
Sent: Tuesday, July 30, 2019 12:20 PM
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:23043] Re: CushyCMS and ProFTPD

Hi Ken,

> Given the timeframe, I am wondering if this is related to the recent 
> update to ProFTPD.  I am seeing a bunch of zero second connections 
> from the CushyCMS IP address and in ban.log I am seeing that IP 
> address getting banned due to excessive client connection rate.  I 
> have not edited those settings, it appears that >30 connections in 60 
> seconds will get the IP banned for 1 hour.  This only seems to have 
> started happening in the past week or so, but as near as I can 
> determine, the mod_ban configuration is not new, I don’t think the 
> recent update changed it.

What's different is that the new ProFTPd has mod_ban and mod_geoip activated
by default. In your case it's most likely mod_ban that is causing the
issues.

In both /etc/proftpd.conf and /etc/proftpds.conf you have that in this
section:

# mod_ban configuration:
<IfModule mod_ban.c>
        BanEngine on
        BanLog          /var/log/proftpd/ban.log
        BanTable        /var/log/proftpd/ban.tab
        BanOnEvent MaxLoginAttempts 30/00:10:00 00:30:00
        BanOnEvent ClientConnectRate 30/00:01:00 01:00:00
        BanControlsACLs all allow group wheel </IfModule>

I stripped out the comments in this email as they would line wrap. Just
comment out this section in /etc/proftpd.conf and /etc/proftpds.conf by
putting a "#" at the beginning of each line of that block and restart
xinetd:

service xinetd restart
...or...
systemctl restart xinetd

Then see if that helps.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list